BlockThreat - Week 1, 2026

Greetings!

We are starting the new year with nearly $4 million in losses across four incidents, with the majority stemming from the Unleash Protocol hack on the Story chain.

Thanks to a detailed incident report published by the Unleash Protocol team, we now have visibility into a familiar phishing attack pattern:

• Compromise of a privileged user via Telegram.
• Distribution of a link to a look-alike Safe interface to other multisig signers.
• A specially crafted transaction that reduced the consensus threshold to just 1.
• Profit!

The critical control that could have detected this earlier beyond the initial account compromise was a multisig transaction verification. Such verification may have flagged the malicious proposal before execution. It is a painful lesson, but one the broader DeFi industry will hopefully adopt quickly.

You can find post-mortems, indicators, and other details for Unleash Protocol, PRXVT, Valinity, and other compromises in the premium section below.

Let’s dive into the news!

News

• Ledger confirms customer data leaked in third-party Global-e breach.
• Crypto exploit triage group SEAL sees uptick in tickets in 2025.

Crime

• Bitfinex Hacker Behind $11 Billion Bitcoin Heist Credits Trump for Early Prison Release.
• Crypto Thieves Move Offline to Terrorize Investors at Home by Bloomberg.
• The Grisliest Bitcoin and Crypto Wrench Attacks That Grabbed Headlines in 2025.

Policy

• US Crypto Policy Flips Pro-Growth as SEC Rulemaking Replaces Enforcement Crackdowns.

Phishing

• Hundreds of MetaMask wallets drained: What to check before you ‘update’.
• Scam Sniffer 2025: Crypto Phishing Losses Fall 83% to $84 Million - Scam Sniffer.

Scams

• A user set up a bot that has been front running shitcoin launches and making the rug-deployers lose money and unable to launch.
• A quick look into omnerausd (@ColeJacksonUS) and @Shade_L2 ICO scam by Specter.

Malware

• DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers by Tuval Admoni,Gal Hachamov (Koi).
• New GlassWorm malware wave targets Macs with trojanized crypto wallets.

Media

• Behind the Keyboard with 2025 Watson of the Year, 0xSimao by Sherlock.
• Trust X - Circuit Breakers: The Magic Pill to DeFi’s Security Problem?

Contests

• Capture The Funds - Certora Next-Gen CTF. Congratulations winners!

Research

• An AI security awesome list / learning journey by Bernhard Mueller.
• Mage: Cracking Elliptic Curve Cryptography with Cross-Axis Transformers.
• A Practical Guide to Finding Soundness Bugs in ZK Circuits..
• Returndata Bombing RAI’s Liquidation Engine - A Critical Bug Worth $0 by Trust Security. As always not without a controversy.
• Second-order effects of advances in AI auditors by Trust Security. We are already seeing them with a spike in old code exploitation.
• Let LLM analyse an Etherscan verified contract > LLM has code execution capabilities > LLM listens to the instructions part of the verified source code comments > get rekt. A dangerous exploitation strategy by pcaversaccio.
• What is a Blockchain, Actually? by Kian Paimani. A short online book containing all that I have learned and know about Web3 and blockchain in the last 7 years.

Tools

• Detect Go’s silent arithmetic bugs with go-panikint.
• Onboardme - a highly experimental tool to help you understand smart contracts faster. Repo here. Pretty cool graphics, Hackers meets blockchain.

Hacks

Unleash Protocol Compromise

Date: December 29, 2025
Attack Vector: Multisig Hijacking
Impact: $3,900,000
Chain: Story

References:

• https://x.com/peckshieldalert/status/2005947786026471897
• https://x.com/CyversAlerts/status/2006003209496559796
• https://x.com/UnleashProtocol/status/2005907998691229933
• https://x.com/m13_digital/status/2005984589873856811
• https://x.com/UnleashProtocol/status/2008918529777803514

Laundering:

• https://www.theblock.co/post/383981/unleash-hacker-laundering-4-million-eth-tornado-cash

Exploit:

• https://www.storyscan.io/tx/0xc0b3f6e0a2159d9ffa39b84ae1c6e1b94e03cb3077a52811e355d9743d69062e?tab=logs

DoomCat Compromise

Date: December 30, 2025
Attack Vector: Price Oracle Manipulation
Impact: $5,000
Chain: Ethereum

References:

• https://x.com/TikkalaResearch/status/2006062512421097732

Exploit:

• https://etherscan.io/tx/0x58d57759c5356f8a9fb666998b42e7ff0c17189f02bb2a0934a2b03564f6169f

PRXVT Compromise

Date: January 1, 2026
Attack Vector: Unknown
Chain: Base

References:

• https://x.com/PRXVTai/status/2006657426024472652
• https://x.com/prxvtai/status/2006706410193559703

Valinity Compromise

Date: January 2, 2026
Attack Vector: Logic Error
Impact: $63,000
Chain: Ethereum

References:

• https://x.com/hklst4r/status/2007366523464093850

Exploit:

• https://etherscan.io/tx/0x01da0f18a7876b804ee2bb4796e8b8aa2335f8adf58c827babf914cbb6d874cd